Design Strategies for ARX with Provable Bounds: SPARX and LAX

We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The Wide-Trail design Strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the Long-Trail design Strategy (LTS) -- a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS. To illustrate the effectiveness of the new strategy, we propose Sparx -- a family of ARX-based block ciphers designed according to the LTS. Sparx has 32-bit ARX-based S-boxes and has provable bounds against differential and linear cryptanalysis. In addition, Sparx is very efficient on a number of embedded platforms. Its optimized software implementation ranks in the top-6 of the most software-efficient ciphers along with Simon, Speck, Chaskey, LEA and RECTANGLE. As a second contribution we propose another strategy for designing ARX ciphers with provable properties, that is completely independent of the LTS. It is motivated by a challenge proposed earlier by Wallen and uses the differential properties of modular addition to minimize the maximum differential probability across multiple rounds of a cipher. A new primitive, called LAX is designed following those principles. LAX partly solves the Wallen challenge

Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis

Resistance against differential cryptanalysis is an important design criteria for any modern block cipher and most designs rely on finding some upper bound on probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics. In this paper, we consider exactly the gap between these two approaches and investigate this gap in the context of recent lightweight cryptographic primitives. This shows that for many recent designs like Midori, Skinny or Sparx one has to be careful as bounds from counting the number of active S-boxes only give an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of 2−56.932−56.93, while the best single characteristic only suggests a probability of 2−722−72. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives. Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys for the probability of differentials, we provide experiments for some of these new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys

The Aspartate-Semialdehyde Dehydrogenase of Edwardsiella ictaluri and Its Use as Balanced-Lethal System in Fish Vaccinology

asdA mutants of Gram-negative bacteria have an obligate requirement for diaminopimelic acid (DAP), which is an essential constituent of the peptidoglycan layer of the cell wall of these organisms. In environments deprived of DAP, i.e., animal tissues, they will undergo lysis. Deletion of the asdA gene has previously been exploited to develop antibiotic-sensitive strains of live attenuated recombinant bacterial vaccines. Introduction of an Asd+ plasmid into a ΔasdA mutant makes the bacterial strain plasmid-dependent. This dependence on the Asd+ plasmid vector creates a balanced-lethal complementation between the bacterial strain and the recombinant plasmid. E. ictaluri is an enteric Gram-negative fish pathogen that causes enteric septicemia in catfish. Because E. ictaluri is a nasal/oral invasive intracellular pathogen, this bacterium is a candidate to develop a bath/oral live recombinant attenuated Edwardsiella vaccine (RAEV) for the catfish aquaculture industry. As a first step to develop an antibiotic-sensitive RAEV strain, we characterized and deleted the E. ictaluri asdA gene. E. ictaluri ΔasdA01 mutants exhibit an absolute requirement for DAP to grow. The asdA gene of E. ictaluri was complemented by the asdA gene from Salmonella. Several Asd+ expression vectors with different origins of replication were transformed into E. ictaluri ΔasdA01. Asd+ vectors were compatible with the pEI1 and pEI2 E. ictaluri native plasmids. The balanced-lethal system was satisfactorily evaluated in vivo. Recombinant GFP, PspA, and LcrV proteins were synthesized by E. ictaluri ΔasdA01 harboring Asd+ plasmids. Here we constructed a balanced-lethal system, which is the first step to develop an antibiotic-sensitive RAEV for the aquaculture industry

Mutational patterns in chemotherapy resistant muscle-invasive bladder cancer

Despite continued widespread use, the genomic effects of cisplatin-based chemotherapy and implications for subsequent treatment are incompletely characterized. Here, we analyze whole exome sequencing of matched pre- and post-neoadjuvant cisplatin-based chemotherapy primary bladder tumor samples from 30 muscle-invasive bladder cancer patients. We observe no overall increase in tumor mutational burden post-chemotherapy, though a significant proportion of subclonal mutations are unique to the matched pre- or post-treatment tumor, suggesting chemotherapy-induced and/or spatial heterogeneity. We subsequently identify and validate a novel mutational signature in post-treatment tumors consistent with known characteristics of cisplatin damage and repair. We find that post-treatment tumor heterogeneity predicts worse overall survival, and further observe alterations in cell-cycle and immune checkpoint regulation genes in post-treatment tumors. These results provide insight into the clinical and genomic dynamics of tumor evolution with cisplatin-based chemotherapy, suggest mechanisms of clinical resistance, and inform development of clinically relevant biomarkers and trials of combination therapies

Bison: Instantiating the Whitened Swap-Or-Not Construction

International audienceWe give the first practical instance-bison-of the Whitened Swap-Or-Not construction. After clarifying inherent limitations of the construction, we point out that this way of building block ciphers allows easy and very strong arguments against differential attacks

Encryption Standard

Advance